Yahoo announces plan to encrypt all customer data, email by 2014

Yahoo will add encryption to all its services in an effort to shield customers from ongoing monitoring and data collection by the National Security Agency, company president and CEO Marissa Mayer announced in a blog post.

Mayer published the news in an announcement to customers on
Yahoo’s Tumblr page. She acknowledged that the changes are in
response to the NSA leaks that began in June, which have outraged
the public and challenged internet leaders to come up with an
answer.

“We’ve worked hard over the years to earn our users’ trust and
we fight hard to preserve it. As you know, there have been a
number of reports over the last six months about the US
government secretly accessing user data without the knowledge of
tech companies, including Yahoo,” she wrote.

“I want to reiterate what we have said in the past: Yahoo has
never given access to our data centers to the NSA or to any other
government agency. Ever. There is nothing more important to us
than protecting our users’ privacy.”

Mayer said the changes will be implemented by the first quarter
of 2014.

The statement comes less than one month after The Washington Post
revealed that the NSA infiltrated the main communication links
between Yahoo and Google centers located around the world. By
doing so, the NSA essentially gave itself the ability to collect
information from hundreds of users’ accounts, most of whom are
Americans.

Working in conjunction with the GCHQ, its British intelligence
counterpart, the NSA processed 181,280,466 records showing which
users sent or received emails, when they did so, and other
context such as text, audio, and video. This program is in
addition to the court-approved PRISM program, according to the
Post report based on documents obtained by NSA whistleblower
Edward Snowden.

Yahoo recently announced that the company plans to better protect
the privacy of Yahoo Mail by introducing Secure Sockets Layer -
known as SSL - encrypting with a 2048-bit key. According to
Mayer’s announcement, the company plans to build on that.

“We will encrypt all information that moves between our data
centers by the end of Q1 of 2014,” she wrote, adding that
Yahoo plans to “offer users an option to encrypt all data flow
to/from Yahoo by the end of Q1 2014, work closely with our
international Mail partners to ensure that Yahoo co-branded Mail
accounts are https-enabled.”

This announcement comes after Google went public with a similar
encryption initiative that aims to turn messages from text into
gibberish when Google is forced to turnover data by court order.
Eric Grosse, vice president for security engineering at Google,
told The Washington Post in September that such efforts are
likely to continue.

“It’s an arms race,” he said. “We see these government
agencies as among the most skilled players in the game.”